Unauthenticated LFI on TP-Link WR740N

TP-Link WR740N suffers from an LFI vulnerability in the /help/ directory.

This is a PoC to demonstrate how to exploit the vulnerability and get the shadow file present on the linux system.

Make a request as the following:

rustscan

From the research made, it does not look like there are previously LFI vulnerabilities discovered.

TP-Link was contacted regarding this vulnerability and they said that the product reach EOF and so no mitigation will be made to the router.

2022

September 25, 2022 1 minute read

TP-Link WR740N suffers from a few stored XSS vulnerabilities.

research tp-link-WR740N

September 25, 2022 less than 1 minute read

TP-Link WR740N suffers from an LFI vulnerability in the /help/ directory.

research tp-link-WR740N

July 18, 2022 1 minute read

This is an “easy” machine from HackTheBox Business CTF.

writeup hackthebox ctf

July 8, 2022 less than 1 minute read

This is an easy machine from TryHackMe.

writeup tryhackme

July 2, 2022 1 minute read

This is a medium machine from TryHackMe.

writeup tryhackme

May 31, 2022 less than 1 minute read

This is an easy machine from TryHackMe.

writeup tryhackme

May 30, 2022 1 minute read

This is an easy machine from TryHackMe.

writeup tryhackme